New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Not working with github private repo #755
Comments
Reproduced.
Token is simply not being used. |
Looks like i am having |
In case someone would like to work on this. It is now a lot easier because the git resolver code was moved to @pnpm/git-resolver and the git fetcher to @pnpm/git-fetcher. I just did not move all the git-related tests there yet |
I had similar issue on bitbucket private repo. Failed on
Message:
But works on full url
or
|
Hi all, I am working on add support of bitbucket/gitlab (public and private) repos in @pnpm/git-resolver. I have question on the usability of using OAuth token in dependencies of package.json. The OAuth token has limited lifespan, it will become invalid very soon. It seems to me it should not be put in package.json. For that reason, I am reluctant to add support of token based full url. But I am not sure about your use case. Let me know your thoughts. For private repos, as long as you have ssh key probably setup on your github/bitbucket/gitlab account, future
|
Changes from pnpm/git-resolver#12 published in pnpm v2.10.0. |
I have no private repositories, so I cannot verify that it works. If someone verified it with the latest pnpm, lets close this issue |
@zkochan didn't work for me! I've given you access to this private repo: https://github.com/mvayngrib/pnpmtest to help you test :) Thanks! I'm looking forward to this feature |
@mvayngrib thanks if it costs you money to keep the private repo, create it later. I don't know when will I have time to look into it because I work on some big changes currently |
@mvayngrib how do you reference the private repo in package.json? |
@zkochan i'm already paying for a few so I can keep this around for a bit (it doesn't cost me extra) pnpm i https://github.com/mvayngrib/pnpmtest
pnpm i mvayngrib/pnpmtest |
It requires you have ssh public key set probably on github. If you can run git clone git@github... successfully, the pnpm i should work. If it doesn’t work, please share your console error of that pnpm i command. |
@huochunpeng I can clone it like this: btw, i've given you access to the repo too :) $ git clone https://github.com/mvayngrib/pnpmtest
Cloning into 'pnpmtest'...
remote: Enumerating objects: 4, done.
remote: Counting objects: 100% (4/4), done.
remote: Compressing objects: 100% (3/3), done.
remote: Total 4 (delta 0), reused 4 (delta 0), pack-reused 0
Unpacking objects: 100% (4/4), done. |
@mvayngrib I got no problem
The way you do git clone is using https authentication, not ssh + public key.
The pnpm git-resolver supports both saved https login and ssh public key. I am guessing something messed up with your saved https login. If every time you were asked to key in username/passwd when you do Anyway, recommend you to follow the article to setup ssh public key for your github account. Using ssh is much smoother user experience than using https. |
@huochunpeng interesting! I don't put in my username/password, as you can see from what I pasted. Let me see if i can give you more info, maybe it'll help to figure out what's wrong: $ pnpm i mvayngrib/pnpmtest --reporter ndjson
{"time":1539434597968,"hostname":"mark.local","pid":26503,"level":"debug","name":"pnpm:package-json","initial":{"name":"pnpmtest-proj","version":"1.0.0","description":"","main":"index.js","scripts":{"test":"echo \"Error: no test specified\" && exit 1"},"keywords":[],"author":"","license":"ISC","dependencies":{"pnpmtest":"github:mvayngrib/pnpmtest"},"readme":"ERROR: No README data found!","_id":"pnpmtest-proj@1.0.0"},"prefix":"/Users/tenaciousmv/Code/pnpmtest-proj"}
{"time":1539434597974,"hostname":"mark.local","pid":26503,"level":"debug","name":"pnpm:stage","message":"resolution_started"}
{"time":1539434597976,"hostname":"mark.local","pid":26503,"level":"debug","name":"pnpm:progress","pkg":{"rawSpec":"mvayngrib/pnpmtest"},"status":"installing"}
{"time":1539434598833,"hostname":"mark.local","pid":26503,"level":"debug","name":"pnpm:progress","status":"resolved","pkgId":"github.com/mvayngrib/pnpmtest/401326db4beb9f33eeea9c6dd445abf19e52de9b","pkg":{"rawSpec":"mvayngrib/pnpmtest"}}
{"time":1539434669308,"hostname":"mark.local","pid":26503,"level":"warn","name":"pnpm:store","message":"Fetching github.com/mvayngrib/pnpmtest/401326db4beb9f33eeea9c6dd445abf19e52de9b failed!"}
{"time":1539434669310,"hostname":"mark.local","pid":26503,"level":"error","name":"pnpm","message":{"code":"E404","uri":"https://codeload.github.com/mvayngrib/pnpmtest/tar.gz/401326db4beb9f33eeea9c6dd445abf19e52de9b","response":{"body":{"_readableState":{"objectMode":false,"highWaterMark":16384,"buffer":{"head":{"data":{"type":"Buffer","data":[52,48,52,58,32,78,111,116,32,70,111,117,110,100,10]},"next":null},"tail":{"data":{"type":"Buffer","data":[52,48,52,58,32,78,111,116,32,70,111,117,110,100,10]},"next":null},"length":1},"length":15,"pipes":null,"pipesCount":0,"flowing":null,"ended":true,"endEmitted":false,"reading":false,"sync":false,"needReadable":false,"emittedReadable":true,"readableListening":false,"resumeScheduled":false,"destroyed":false,"defaultEncoding":"utf8","awaitDrain":0,"readingMore":false,"decoder":null,"encoding":null},"readable":true,"domain":null,"_events":{},"_eventsCount":2,"_writableState":{"objectMode":false,"highWaterMark":16384,"finalCalled":false,"needDrain":false,"ending":true,"ended":true,"finished":true,"destroyed":false,"decodeStrings":true,"defaultEncoding":"utf8","length":0,"writing":false,"corked":0,"sync":false,"bufferProcessing":false,"writecb":null,"writelen":0,"bufferedRequest":null,"lastBufferedRequest":null,"pendingcb":0,"prefinished":true,"errorEmitted":false,"bufferedRequestCount":0,"corkedRequestsFree":{"next":null,"entry":null}},"writable":false,"allowHalfOpen":true,"_transformState":{"needTransform":false,"transforming":false,"writecb":null,"writechunk":null,"writeencoding":"buffer"}},"size":0,"timeout":0,"url":"https://codeload.github.com/mvayngrib/pnpmtest/tar.gz/401326db4beb9f33eeea9c6dd445abf19e52de9b","status":404,"statusText":"Not Found","headers":{}},"attempts":3,"resource":"https://codeload.github.com/mvayngrib/pnpmtest/tar.gz/401326db4beb9f33eeea9c6dd445abf19e52de9b"},"err":{"name":"Error","message":"404 Not Found: https://codeload.github.com/mvayngrib/pnpmtest/tar.gz/401326db4beb9f33eeea9c6dd445abf19e52de9b","code":"E404","stack":"Error: 404 Not Found: https://codeload.github.com/mvayngrib/pnpmtest/tar.gz/401326db4beb9f33eeea9c6dd445abf19e52de9b\n at /usr/local/lib/node_modules/pnpm/lib/node_modules/@pnpm/tarball-fetcher/lib/createDownloader.js:55:41\n at Generator.next (<anonymous>)\n at fulfilled (/usr/local/lib/node_modules/pnpm/lib/node_modules/@pnpm/tarball-fetcher/lib/createDownloader.js:4:58)\n at <anonymous>\n at process._tickCallback (internal/process/next_tick.js:188:7)"}}
Error: 404 Not Found: https://codeload.github.com/mvayngrib/pnpmtest/tar.gz/401326db4beb9f33eeea9c6dd445abf19e52de9b
at /usr/local/lib/node_modules/pnpm/lib/node_modules/@pnpm/tarball-fetcher/lib/createDownloader.js:55:41
at Generator.next (<anonymous>)
at fulfilled (/usr/local/lib/node_modules/pnpm/lib/node_modules/@pnpm/tarball-fetcher/lib/createDownloader.js:4:58)
at <anonymous>
at process._tickCallback (internal/process/next_tick.js:188:7)
Error: 404 Not Found: https://codeload.github.com/mvayngrib/pnpmtest/tar.gz/401326db4beb9f33eeea9c6dd445abf19e52de9b
at /usr/local/lib/node_modules/pnpm/lib/node_modules/@pnpm/tarball-fetcher/lib/createDownloader.js:55:41
at Generator.next (<anonymous>)
at fulfilled (/usr/local/lib/node_modules/pnpm/lib/node_modules/@pnpm/tarball-fetcher/lib/createDownloader.js:4:58)
at <anonymous>
at process._tickCallback (internal/process/next_tick.js:188:7) my ~/.gitconfig has: [url "https://"]
insteadOf = "git://"
[credential]
helper = osxkeychain
[hub]
protocol = https |
@mvayngrib I saw you have special gitconfig that forces changing From your log, it looks like pnpm successfully resolved into a git commit hash |
@mvayngrib I am guessing you prefer https because of some firewall? |
@huochunpeng yea, I don't remember...I think I had some trouble with npm or yarn at some point, with git or private git dependencies, and I took someone's recommendation to add this :) |
the good news is that if I remove that block in gitconfig, |
I am able to install from a private repo locally on windows but my CI server (docker/linux) is failing (npm works in both environments).
Here's the package.json dependency declaration Here's the error I'm currently seeing Resolving: total 1502, reused 0, downloaded 8
·WARN· Fetching github.com/<orgName>/<repoName>/<commitHash> failed!
ERROR· util.getSystemErrorName is not a function
at getCode ../../../../../../../../usr/local/lib/node_modules/pnpm/lib/node_modules/execa/lib/error.js:11 return [util.getSystemEr…
at makeError ../../../../../../../../usr/local/lib/node_modules/pnpm/lib/node_modules/execa/lib/error.js:50 const [exitCodeName, exi…
at handlePromise ../../../../../../../../usr/local/lib/node_modules/pnpm/lib/node_modules/execa/index.js:112 const returnedError = ma…
at _tickCallback internal/process/next_tick.js:188
TypeError: util.getSystemErrorName is not a function
at getCode (/usr/local/lib/node_modules/pnpm/lib/node_modules/execa/lib/error.js:11:16)
at makeError (/usr/local/lib/node_modules/pnpm/lib/node_modules/execa/lib/error.js:50:35)
at handlePromise (/usr/local/lib/node_modules/pnpm/lib/node_modules/execa/index.js:112:26)
at <anonymous>
at process._tickCallback (internal/process/next_tick.js:188:7) I don't have a private repo or an easy way to create a reproducible test environment but I'm hoping the logs above help. For now I'll have to use npm for CI builds but I'm happy that I can use pnpm locally to save some disc-space ♥ |
@StJohn3D I think the existing implementation doesn't understand |
@3cp Thanks for the idea! I tried it again without the semver but unfortunately it's the same thing. Pnpm works locally (windows) but not in the aws build (Linux and nodejs:8.11.0) - even though npm still works in the aws code build. |
Because it's a private package, you need to configure your AWS vm to generate a ssh key pair and add that public key to your GitHub account. Sorry, I missed that detail in your first question. |
@3cp I already have. Like I said, it works with npm in the aws code build, just not pnpm. |
@3cp actually I was wrong, my environment is only configured for https. - echo "machine github.com login $GithubAccessToken" >> ~/.netrc
- git config user.email "redacted@redacted.com"
- git config user.name "redacted" Is there any chance of pnpm working over https like npm does for private repos? |
Slightly different. npm will prompt you first time when you access https private repo, then it will use saved login (by some process in the windows/mac/linux, should be keychain in mac) for future access. I don't remember does npm skip prompt in CI environment. pnpm behaves more like yarn, it doesn't prompt for https login at all, it only uses what OS provides. So you need to the OS to save/cache the login first before you attempt https private repo. That's as far as I can remember. |
I also find it not possible to install a Github private package with PNPM via HTTPS. The following in my package JSON: dependencies: {
"@<org>/<repo>": "git+https://<token>:x-oauth-basic@github.com/<org>/<repo>.git"
} Works fine with
It seems that PNPM switches from using HTTPS (which works with the embedded access token) to SSH (which does not work as I do not install local SSH key), whilst NPM is happy to install via HTTPS using token. In my case I prefer to use a token (access limited to package reader) that I can store in projects that need access to private packages, and that works well in all build environments etc., rather than setting up all environments with SSH key. |
Currently the implementation only supports public key through ssh, not https. Try |
Thanks very much 3cp, I can confirm that installation works once I have created an SSH key pair on my machine and added the public key to my account on GitHub. I suggest it is worth tracking HTTPS support for private Github packages in the PNPM feature backlog, for two reasons:
Example 1: I use a cloud-based container (or configurable build service like Netlify, Vercel, etc.) to build and deploy my app, and whilst I can generate a key pair for that container and add it to my GitHub account, the container now has equivalent access as I do, to all my GitHub repos private or public. That's fine if only I can access the build environment, but what if I need to share access with others? Example 2: I am working with a customer and recommend them to install a dependency from my private package for their development. They would need to (a) have a github account (b) generate a key pair (c) install than in GitHub (d) be granted access to my repo (e) repeat the above for any of their colleagues, build environments etc. If I generate a package-reader auth token in my github org I can provide a simple URL for a customer or build environment that provides (revokable) access to private packages, without the need for any other steps. I recommend PNPM whenever discussing package management, but this is one area where I will have to be careful in setting expectations. Do I recommend PNPM and go through the extra overhead of SSH key management across dev/build environments when working private repos, or advise to use NPM and stick with HTTPS auth tokens, which is the default recommended approach by GitHub and Netlify? Anyway I have an approach for now, but I suggest keeping this in the roadmap for the future, and I'd be happy to hear of any other aspects I may not have considered here. |
I understand and agree on the assessment. At least pnpm needs to cover what npm can do. |
🚢 5.4.0 |
What is the disposition of this issue? I absolutely love pnpm and use it all the time for personal projects. But I work for an organization that will not permit the use of ssh to access it's private repositories on GitHub. Here's an example of pnpm failing during installation of a package in a private repo: ERROR Command failed with exit code 128: /usr/bin/git ls-remote git+ssh://git@github.com/[private-org]/[private-repo].git HEAD
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists. The package is included into the devDependencies section of package.json as follows: "[private-repo]": "git+https://github.com/[private-org]/[private-repo].git", To make sure that git always uses https instead of ssh, I have the following in .gitconfig
|
I've found a solution on a comment on an NPM issue which works with PNPM 7.19.0 too. npm/cli#2610 (comment)
In my case I'm using a Codespace which is permitted to access another repo, which works through using Git over HTTPS. https://docs.github.com/en/codespaces/managing-your-codespaces/managing-repository-access-for-your-codespaces |
pnpm version:
v0.67.0
Code to reproduce the issue:
pnpm i
withpackages.json
like:Expected behavior:
The private repo gets well installed.
Actual behavior:
Additional information:
node -v
prints:v7.6.0
OS X
The text was updated successfully, but these errors were encountered: